Category: Wicket

In development mode, Wicket generates id’s with the wicket namespace prefix. These id’s are dynamic and change everytime a page is rendered. This works fine until you try to record test scripts with Selenium IDE.

What Selenium basically does is use XPath queries against the wicket:id‘s, recording the value of those id’s. But next time around, when you try to playback the test script, it will fail beacuse the values of all of the wicket:id’s have changed.

One possible workaround would be to just use normal HTML id attributes. But this is very laborious and poses limitations on your HTML, CSS, and Javascript code, and also polutes the production code with a lot of unnecessary id attributes.

In this tutorial I describe how you can setup Wicket 1.5 to use Spring Security 3.1 for authentication and Wicket Auth/Roles for authorization.

Spring Security is a very complete and flexible solution for all kinds of security needs. It offers a lot of functionality out-of-the-box and it is quite easy to extend to fit your own custom needs. Visit the Spring Security website (http://static.springsource.org/spring-security/site/index.html) for more information.

Wicket Auth/Roles makes it easy to annotate components with authorization information. E.g., the @AuthorizeInstantiation configures what roles are allowed to instantiate the annotated component or package, and the @AuthorizeAction annotation controls wether the component is rendered or not based on the roles.

At the and of this tutorial you will have a sample Wicket project that uses Spring Security to look up the user – including roles, full name, etc. -, validate the password, and manage the current user session. Wicket Auth/Roles validates whether the current user has access to a particular page, or even a particular component. Continue reading “Integrating Wicket with Wicket Auth/Roles and Spring Security”